Networking and connectivity details for the SendPro C, SendPro+, SendPro C Auto
Use these network requirements to prepare your IT and local network environment for connecting your SendPro C, SendPro+, SendPro C Auto device to the internet.
Products affected: SendPro® C, SendPro®+, SendPro® C Auto (2H20, R2H20, R2H20M, R1H20C, 1H20C, R1H20CM, 7H20C, R7H20C, R7H20CM, 7H20A, R7H20A, R7H20AM)
If you have extensive network security restrictions, your IT or network administrator may need these specifications to prepare for the installation.
TeamViewer is an application that lets Pitney Bowes Service access your device remotely, when you authorize it. (A TeamViewer session can only be initiated by someone on your end, therefore the system cannot be accessed without your knowledge.) There are two ways to unblock TeamViewer:
Related topics
URL Information
These URLs must be accessible from the device, without any obstructions. This includes being free of any SSL packet inspection, web filtering devices or software monitoring.
Required URLs
- Distributor - main PB Server that authenticates machine for access to other PB web services.
- Funds (Funds Management & Refills) - funds are managed through a separate Funds Server.
- http://distservp1.pb.com (Port 80)
- https://distservp1.pb.com (Port 443)
- http://comet2.ct.pb.com (Port 80)
- https://comet2.ct.pb.com (Port 443)
- https://cometservp1.pb.com (Port 443)
- http://cometservd1.pb.com (Port 80)
- https://cometservd1.pb.com (Port 443)
- 199.231.45.46
- 199.231.44.31
- Rates and Updates (Download Services) - Downloads new software, graphics, rate prices
- Main Download Services entry
- https://dlsdlp1.pb.com (Port 443)
- File Processing
- https://pbdlsp1.pb.com (Port 443)
- https://pbdlsp1t.pb.com (Port 443)
- https://pbdlsp1k.pb.com (Port 443)
- https://pbdlsp1b.pb.com (Port 443)
- https://pbdlsp1z.pb.com (Port 443)
- OS Updates
- https://pb-ota.redbend.com (Port 443)
- Main Download Services entry
- Manage Accounts (Accounting) - separate PB Server that manages accounting including account creation, reports etc.
- Accounting Web Application:
- https://ms1app.pb.com/ (Port 443)
- https://ms1appalm-kdc.pb.com (Port 443)
- Accounting Web Services:
- https://ms1app.pb.com/ms1atweb/services/ (Port 443)
- Accounting Web Application:
- Health Data Update - machine health Information upload
- https://s3.amazonaws.com (Port 443)
- Network Connectivity Test Site - used by tablet's Android O/S to confirm connectivity
- http://connectivitycheck.gstatic.com/generate_204 (Port 80)
Important: Connectivity tests also use Google DNS explicitly (8.8.8.8 Port 53)
- PB Web Services Support - used by several PB applications including Shipping
- https://api.pitneybowes.com (Port 443)
- https://api.precisely.com (Port 443)
- https://pitneybowes.okta.com (Port 443)
- https://microsoft.com (Port 443)
- http://microsoft.com (Port 80)
- http://mail.o365.pb.com (Port 80)
- Parcel Shipping - Parcel Shipping Labels
- https://api.spo.pitneybowes.com/ (Port 443)
- https://843911245900-sending-service-dub-prd.s3.amazonaws.com/ (Port 443)
- Login URLs
- https://login2.pitneybowes.com/login
- https://pitneybowes.okta.com/oauth2/ausfhsvbplYEHWveV1t7/v1
Recommended URLs
We recommend these URLs are left open, but if this presents a security issue, they can remain blocked. They are enabled by default.- Device Management (uses Port 443 or 80 unless otherwise stated).
- https://smb.pitneybowes.com
- https://prov.mdm.pitneybowes.com
- https://api.mdm.pitneybowes.com
- https://cn977.awmdm.com
- https://ds977.awmdm.com
- https://play.google.com
- https://gate.hockeyapp.net
- https://e.crashlytics.com
- https://android.googleapis.com
- https://play.vidyard.com/
- https://www.youtube.com/
- https://s3-us-west-2.amazonaws.com/
- http://mobile-gtalk.l.google.com (Port 5228)
- a21iywh40b72eh-ats.iot.us-west-2.amazonaws.com
- alt2-mtalk.google.com
- alt5-mtalk.google.com
- alt6-mtalk.google.com
- alt8-mtalk.google.com
- android.clients.google.com
- android-safebrowsing.google.com
- api.crashlytics.com
- apis.google.com
- app-measurement.com
- aws.amazon.com
- captive.apple.com
- cloudconfig.googleapis.com
- cognito-identity.us-east-1.amazonaws.com
- content.googleapis.com
- csd-error-logs.s3.amazonaws.com
- csd-error-logs.s3-us-west-1.amazonaws.com
- csd-launcher.s3.amazonaws.com
- csd-launcher.s3-us-west-1.amazonaws.com
- csd-mailing.s3.amazonaws.com
- csd-mailing.s3-us-west-1.amazonaws.com
- csd-remote-config.s3.amazonaws.com
- csd-remote-config.s3-us-west-1.amazonaws.com
- csd-translations.s3.amazonaws.com
- csd-translations.s3-us-west-1.amazonaws.com
- digitalassetlinks.googleapis.com
- dl.google.com
- docs.google.com
- ES-MAD-ANX-R010.teamviewer.com
- firebaseinstallations.googleapis.com
- fonts.googleapis.com
- fonts.gstatic.com
- GB-LON-ANX-R008.teamviewer.com
- hshh.org
- in.appcenter.ms
- lh3.googleusercontent.com
- master3.teamviewer.com
- mdh-pa.googleapis.com
- mtalk.google.com
- pagead2.googlesyndication.com
- phonedeviceverification-pa.googleapis.com
- ping3.teamviewer.com
- play.googleapis.com
- pool.ntp.org
- r1---sn-8pgbpohxqp5-auol.gvt1.com
- r2---sn-8pgbpohxqp5-auol.gvt1.com
- r3---sn-8pgbpohxqp5-auol.gvt1.com
- r3---sn-8pgbpohxqp5-auos.gvt1.com
- r6---sn-8pgbpohxqp5-auol.gvt1.com
- r7---sn-8pgbpohxqp5-auol.gvt1.com
- r8---sn-8pgbpohxqp5-auol.gvt1.com
- redirector.gvt1.com
- registrar.iot.pitneycloud.com
- reports.crashlytics.com
- safebrowsing.googleapis.com
- settings.crashlytics.com
- ssl.gstatic.com
- time.apple.com
- www.google.com
- www.googleapis.com
- www.gstatic.com
- www.pitneybowes.com
TeamViewer is an application that lets Pitney Bowes Service access your device remotely, when you authorize it. (A TeamViewer session can only be initiated by someone on your end, therefore the system cannot be accessed without your knowledge.) There are two ways to unblock TeamViewer:
- General unblocking of Port 5938 TCP for outgoing connections (recommended). Port 5938 is only used by a few applications and therefore there is no security risk. This traffic should be filtered or cached.
- Unblocking URLs of the following formats (to any server) GET:
- /din.aspx?s=…&client=DynGate…GET
- /dout.aspx?s=…&client=DynGate…POST
- /dout.aspx?s=…&client=DynGate…
- *.TeamViewer.com
- *.dyngate.com
Communications
The SendPro C, SendPro+, SendPro C Auto connection uses these ports and protocols. The system will require access through your network and firewall.- All communication is initiated from the system via ports 80 (HTTP) and 443 (TLS).
- All communications from the system to the back end system are in the form of XML messages.
Ports
Port 80 (HTTP)- Web Services
- TeamViewer (remote access software)
- SendPro C, SendPro+, SendPro C Auto sends requests to refill or audit its PSD (Postal Security Device) when the user requests it or an inspection is required. Audits occur if the PSD inspection date has expired.
- Transaction records from the SendPro C, SendPro+, SendPro C Auto are automatically uploaded when a user message appears (within three days of the mail being generated).
- O/S updates and PB Application Software and Rates Data updates.
- DNS lookup
Advanced Network Requirements
SendPro C, SendPro+, SendPro C Auto initiates all communication (via HTTP or TLS), so it can safely sit behind most corporate firewalls
- High-speed network connection
- SendPro C, SendPro+, SendPro C Auto supports 802.11n WiFi WPA, WPA-2 PSK, WPA-802.1x (LEAP) protocols.
- Due to security issues, WEP Wireless Security Protocol is not supported.
- Both 2.4 and 5 GHz frequency band wireless is supported.
- SendPro C, SendPro+, SendPro C Auto communicates to external web services via HTTP over Port 80
- SendPro C, SendPro+, SendPro C Auto communicates to PB secure server(s) via TLS 1.2 over port 443
- SendPro C, SendPro+, SendPro C Auto uses Port 53 for DNS lookup
- Pitney Bowes requires a minimum network bandwidth of 384 kbps (upstream and downstream) to operate, but we recommend 1 Mbit/sec for best performance
- Pitney Bowes recommends that DSL or cellular devices are not shared across multiple SendPro C, SendPro+, SendPro C Auto systems
- Customer owned web filtering devices or software, as well as SSL packet inspection should be disabled for these ports as they can affect performance or could prevent functionality.
- SendPro C, SendPro+, SendPro C Auto internal base and tablet communication uses a subnet that consists of IPs from the 192.168.10.240 to 192.168.10.255 and 192.168.10.96 to 192.168.10.111 ranges. When the SendPro C, SendPro+, SendPro C Auto is connected to a network that has a default gateway which uses any address in these ranges, the SendPro C, SendPro+, SendPro C Auto will not be able to communicate on the network because messages can not be routed properly.
- Wired Ethernet supports 10/100 Mbit speeds.
Related topics
UPDATED: 12 August 2024